General Industrial Controls Lynx+ Gateway Cleartext Transmission Vulnerability
Vulnerability
A cleartext transmission vulnerability has been identified in General Industrial Controls Lynx+ Gateway versions R08, V03, V05, and V18. Because the device sends sensitive information over the network unencrypted, an attacker who can intercept network traffic can read it, including plaintext credentials. The issue arises from weak password requirements and missing authentication for critical functions, which could lead to unauthorized access and manipulation of the device.
Impact
Exploitation of this vulnerability could result in the interception of sensitive information, including passwords, creating an opportunity for unauthorized access to the affected system.
Remediation
General Industrial Controls has not responded to coordination efforts. Users are encouraged to contact GIC for more information. CISA recommends minimizing network exposure for control system devices, isolating them from business networks, and using secure remote access methods, such as VPNs.
